The National Disaster Management Authority has dismissed claims that its National Emergency Operations Centre was hacked, calling the reports “fabricated” and false.

The alleged breach, reportedly detected on April 4, 2026, was linked to a threat actor using the alias “h4xorvats,” who claimed to have stolen over 13,000 files, including source code and sensitive user databases containing CNIC numbers, bank details, medical records, employment data, and vaccination information.

A senior NDMA official, speaking anonymously, clarified that NEOC does not collect or store personal, medical, or financial data. “NEOC is solely focused on natural disaster monitoring and response, using publicly available climate data, satellite imagery, and AI-driven tools. There has been no cyber incident or suspicious activity affecting NDMA’s IT systems,” he said.

NDMA emphasized that all NEOC data is open to the public and contains no classified or personal information. The agency warned that circulating claims of a breach could cause unnecessary panic and confusion.

Experts note that had such a breach occurred, it would have been one of the most serious cybersecurity incidents involving a Pakistani public-sector platform, potentially exposing citizens to identity theft, financial fraud, and misuse of sensitive health information.

NDMA continues to monitor cybersecurity threats but reiterated that all reports regarding the alleged NEOC breach are false.